Network Firewall: connection sometimes fails.

0

Hello. Our service uses Network Firewall to check outbound traffic (HTTP, HTTPS).

Sometimes the HTTP connection fails (timeout) and the connection cannot recover until the service is restarted (we use ECS Fargate). So I tried empty firewall policies like the ones below, but that did not fix the problem.

[Routing] private subnet -> NAT GW -> Firewall -> Internet GW

[Firewall Setting]

Stream Exception Policy : Continue

Stateless Default Action : Forward to stateful rules

Stateful Default Action : All Pass

Could you tell me what is wrong with my settings?

  • Hi there. Can you provide more details on how your route tables are configured? You need to make sure the forwarding and return traffic are both going through the firewall.

asked a year ago, 287 views
1 Answer
0

A NAT gateway can be set up as either public or private.

If you use a private NAT gateway to connect to a transit gateway or virtual private gateway, traffic to the destination will come from the private IP address of the private NAT gateway.

If you use a public NAT gateway to connect to a transit gateway or virtual private gateway, traffic to the destination will come from the private IP address of the public NAT gateway unless you use an internet gateway. The public NAT gateway will only use its EIP as the source IP address when used in conjunction with an internet gateway.

It is often most efficient to have a NAT gateway per Availability Zone. It is important that each private subnet has routing configured to use the NAT gateway that is in the same AZ. (The public subnet in each of the 3 AZs can all share the same route table, which should have a default route to a single Internet gateway.)

AWS
answered a year ago
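The comment on the question asks whether both the forward and the return traffic cross the firewall. The following is an added example, not code from the thread or from AWS: an offline checker for the topology in the question (private subnet -> NAT GW -> Network Firewall -> IGW) that walks the default route hop by hop and then checks that the IGW ingress route table sends replies for the NAT gateway's subnet back to the firewall endpoint. All subnet names, CIDRs and resource IDs are constructed sample values.

```python
# Added example (not from the re:Post thread): route-table checker for the
# topology private subnet -> NAT GW -> Network Firewall endpoint -> IGW.
# Names, CIDRs and IDs below are constructed sample values.

FW_ENDPOINT = "vpce-fw-az1"   # constructed: Network Firewall endpoint in AZ1
IGW = "igw-1"                 # constructed: Internet gateway
NAT_GW = "nat-az1"            # constructed: public NAT gateway in AZ1

# Constructed route tables, keyed by the thing they are associated with:
# {association: {destination_cidr: target}}. The IGW key models the
# ingress (edge) route table associated with the Internet gateway.
ROUTE_TABLES_OK = {
    "subnet-private-az1": {"0.0.0.0/0": NAT_GW},
    "subnet-nat-az1":     {"0.0.0.0/0": FW_ENDPOINT},
    "subnet-fw-az1":      {"0.0.0.0/0": IGW},
    IGW:                  {"10.0.1.0/24": FW_ENDPOINT},  # replies to NAT subnet
}
SUBNET_CIDRS = {"subnet-nat-az1": "10.0.1.0/24"}  # constructed


def next_hop(tables, assoc, dest="0.0.0.0/0"):
    """Target for dest in the table associated with assoc (None if no route)."""
    return tables.get(assoc, {}).get(dest)


def check_firewall_path(tables, private_subnet, nat_subnet, fw_subnet):
    """Return a list of findings; an empty list means both directions cross the firewall."""
    findings = []
    # Forward path: each hop's default route must point at the next expected target.
    expected = [(private_subnet, NAT_GW), (nat_subnet, FW_ENDPOINT), (fw_subnet, IGW)]
    for assoc, target in expected:
        got = next_hop(tables, assoc)
        if got != target:
            findings.append(f"{assoc}: default route -> {got}, expected {target}")
    # Return path: the IGW ingress table must send traffic for the NAT subnet
    # to the firewall endpoint, otherwise replies never reach the firewall.
    nat_cidr = SUBNET_CIDRS[nat_subnet]
    back = next_hop(tables, IGW, nat_cidr)
    if back != FW_ENDPOINT:
        findings.append(f"igw ingress table: {nat_cidr} -> {back}, expected {FW_ENDPOINT}")
    return findings


def broken_tables():
    """The same tables with the IGW ingress route table missing."""
    return {k: dict(v) for k, v in ROUTE_TABLES_OK.items() if k != IGW}


if __name__ == "__main__":
    args = ("subnet-private-az1", "subnet-nat-az1", "subnet-fw-az1")
    print("ok:     ", check_firewall_path(ROUTE_TABLES_OK, *args))
    print("broken: ", check_firewall_path(broken_tables(), *args))
```

Feeding the checker real data would mean mapping the output of `aws ec2 describe-route-tables` into the same `{association: {cidr: target}}` shape.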
